...
Install Apache httpd first. It's by far the easiest if version 2.2 or 2.4 is used, because version 2.2 includes these versions include mod_proxy_ajp in the main distribution. If you're using an older version, you'll need to install mod_jk and set that up independently.
...
- Tomcat: Tomcat has an AJP 1.3 connector enabled by default.
- Setting the
tomcatAuthentication="false"attribute on the AJP<Connector>element allows for passingREMOTE_USERfrom Apache httpd. See Tomcat's AJP Connector documentation for more.
- Setting the
Jetty: Jetty's documentation has good instructions on how to enable both Jetty and your application to listen on AJP 1.3.
Info title Jetty 9 drops AJP Note that AJP support has been dropped starting from Jetty version 9. They recommend using
mod_proxy_httpinstead ofmod_proxy_ajp.
Be careful that there is no direct HTTP listener opened by the servlet container. If, for example, there's an HTTP connector listening on port 8080 and no interceding firewall, users would be able to directly access the servlet on port 8080, which bypasses Apache httpd. This also means they would bypass Shibboleth authentication and authorization.
...